Firewall off- but how do I open ports
nextwave
08-10-2005, 10:01 PM
Hi-
I'm running my xserve, G4 dual, 10.3.9 with the firewall off- as an internal standalone server.
I have a program that requires communication over ports 9090 and 4465
I have a fixed IP for my DSL
I have a Netgear router- which connects my DSL to my Dell Powerconnect 2616 gigabit switch-
I have the server with a manually assigned IP- the rest of the network is DHCP.
I've tried to open the ports using port forwarding on the Netgear- but they tell me that is only external- to the internet-
how do I open them internally?
Thanks
jwhitaker
08-11-2005, 08:06 AM
@nextwave
open up system prefs (on your server), go to the sharing pref pane, then click the firewall tab. There is a button on the right side that says "new"; this is where you can add new ports. Are you trying to allow traffic on these ports coming from inside or outside your network? You will also need to forward these ports on your router to your server.
nextwave
08-11-2005, 10:26 AM
@nextwave
open up system prefs (on your server), go to the sharing pref pane, then click the firewall tab. There is a button on the right side that says "new"; this is where you can add new ports. Are you trying to allow traffic on these ports coming from inside or outside your network? You will also need to forward these ports on your router to your server.
I'm using OSX Server- 10.3.9
Sharing doesn't work the same way as regular OSX-
In Workgroup manager- Firewall isn't active-
but, when I go in I get 3 listings under IP Address Group in the Settings tab:
10-net
192.168-net
any
shouldn't there only be one setting here?
and some services are checked in the Any IP Address group- but none in others-
thanks
Fastmac
08-11-2005, 03:24 PM
Hi nextwave,
if your server firewall is off then it is only the router that needs port forwarding. I can't remember the details but on the Netgear site there are instructions on how to do that, because as I found, it is not obvious.
nextwave
08-11-2005, 03:50 PM
I've done the Netgear port forwarding-
and enabled DMZ-
which supposedly opens all ports-
however- according to http://www.blackcode.com/net-tools/ the ports are still closed.
I'm not sure if this is causing the problems anymore-
but, I'm still interested in checking.
Thanks
giskard22
08-11-2005, 05:45 PM
You need to try contacting the server from another computer on your LAN to find out if the router is the problem. From any other computer connected to the router, you can open the Terminal and type:
telnet server.ip.address port#
If you get a response, that means the server is in fact listening on that port. Then you know that the problem is the router (this is assuming that the server's firewall is in fact off).
If you want to make sure the firewall isn't causing problems, go ahead and turn it on. Then, set it so that all traffic is allowed for the "any" group. If that doesn't change anything, turn it back off.
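The telnet check above, as an added example that is not from the thread: a small Python script that makes the same TCP connect attempt against several ports at once and classifies each outcome the way the telnet messages do, "refused" (the host answered, nothing is listening there) versus "timed out" (no answer at all, which points at a wrong address or a router forwarding/DMZ entry for a different IP). The server address and ports are assumptions taken from the thread; like telnet, this only tests TCP, so a program listening only on UDP would still show as refused.

```python
import socket


def probe_tcp_port(host, port, timeout=3.0):
    """Try a TCP connect (what `telnet host port` does) and classify the outcome.

    "open"    - the connection was accepted: a program on the host listens there
    "refused" - the host replied with a reset: it is reachable, but nothing
                listens on that port (telnet prints "Connection refused")
    "timeout" - no reply at all: wrong address, host down, or packets dropped
                on the way (telnet prints "Operation timed out")
    "error"   - some other local failure, e.g. no route to the host
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError:
        return "error"


# What each outcome suggests checking next (hints written for this thread's setup).
NEXT_STEP = {
    "open": "port is open; if the application still fails, look at the application itself",
    "refused": "server reachable but nothing listening: check that the server program is "
               "running and configured for this port (or that its firewall allows it)",
    "timeout": "no answer: re-check the address you typed and whether the router's "
               "forwarding/DMZ entry points at the server's current IP",
    "error": "local network problem on this client (no route?); fix that first",
}


def probe_ports(host, ports, timeout=3.0):
    """Probe each port and return {port: (result, what to check next)}."""
    report = {}
    for port in ports:
        result = probe_tcp_port(host, port, timeout)
        report[port] = (result, NEXT_STEP[result])
    return report


if __name__ == "__main__":
    # Assumed values: the server address and the two ports from the thread.
    for port, (result, hint) in probe_ports("192.168.0.2", [4465, 9090]).items():
        print(f"port {port}: {result} -> {hint}")
```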
nextwave
08-11-2005, 06:18 PM
here is what my session looked like-
[my~Computer:~] david% telnet 192.168.0.2 9090
Trying 192.168.0.2...
telnet: connect to address 192.168.0.2: Connection refused
telnet: Unable to connect to remote host
[my~Computer:~] david% telnet 192.169.0.2 4465
Trying 192.169.0.2...
telnet: connect to address 192.169.0.2: Operation timed out
telnet: Unable to connect to remote host
[my~Computer:~] david%
that would seem to indicate- no connection to either port, correct? Or did I enter things wrong?
thanks so much for the help!
giskard22
08-11-2005, 06:36 PM
Yes, that is what it would seem to indicate. BTW, are you sure that the software for the server is up and running? Those ports wouldn't be opened until the software was actually listening for data.
nextwave
08-11-2005, 06:43 PM
I have workgroup manager and server admin running-
and when we try to shut down- it says clients are connected with AFP-
the program- StudioMetry- is running as well.
I don't have the firewall enabled.
I've forwarded ports on the Router- and enabled DMZ.
So- what do I do next-
I really appreciate the help.
giskard22
08-11-2005, 07:15 PM
If the firewall is off and you are able to connect to other services (like AFP), I think you need to contact support for StudioMetry. I'm not familiar with that software, but if everything else is working on the server then something just isn't set up right.
nextwave
08-11-2005, 07:44 PM
Believe me- I've contacted the developer- problem is- he isn't that familiar with the Xserve-
it comes down to my powerbook being the one big issue-
I've tried all kinds of things- I still have a 20 second lag on switching to studiometry from another app- while the computer- and network think about it.
I appreciate all the help.
I'm still miffed why with Linksys routers I was only able to open 1 of the two ports- and with the Netgear neither....
nextwave
08-12-2005, 09:19 AM
OK-
so I made a dumb@ss mistake-
hadn't reset the IP in port forwarding to the new fixed IP- when I determined it might be out of address range-
now- I can telnet 192.168.0.2 4465
and connect-
but- still can't open port 9090.
Is there a port 9090 on an x-serve?
(or in the software- I'm not sure if ports are software or hardware- feel free to enlighten me)
Can it be opened?
Thanks!
giskard22
08-12-2005, 09:52 AM
Ports are software. A port is "opened" when a software program tells the OS that it wants to listen for data on it. When you activate remote login (otherwise known as SSH), port 22 is "opened". If you turn on web sharing, port 80 gets opened. So it's all a matter of the server software.
nextwave
08-12-2005, 10:00 AM
Giskard22- thanks for the clarification-
so- when I "open ports" on my Xserve- where do I go to do it?
When I do port forwarding on my router- opening ports 4465 and port 9090- it seems to open port 4465 on 3 different routers- but- I can never open port 9090.
Is this because the xserve has some security patch- or that it has apache on it- even though we don't use it?
Thanks
giskard22
08-12-2005, 10:09 AM
I don't think you quite understood what I'm saying. Server software opens whatever ports it needs. You "open ports" just by running software -- like a web server or this program you're trying to use -- that listens for data over the network.
What you're doing in the router is "port forwarding". You're telling the router that any packets addressed to it on a certain port should be forwarded to a particular IP address. If you've made your server a DMZ, you don't need to use any forwarding. However, it's more secure to use forwarding instead of DMZ.
The only time you need to explicitly allow access to ports on an individual computer is if the computer is running a firewall. Then you use the configuration system for the firewall to allow packets to get through. But as you said, you're not using a firewall.
If you're forwarding the ports with your router, and the server software is up and running (and configured properly, if necessary), everything should work. The fact that a port isn't "open" on your XServe simply means that no program is listening for data on it. Are you sure this is supposed to be happening? If so, once again you want to go back to the support group for the software and find out how to configure it properly. It sounds like you've set up everything else correctly.
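The point above, that a port is only "open" while some program listens on it, can be checked on the server itself instead of from a client. The following Python script is an added example, not from the thread: it parses `netstat -an` output (a constructed sample in the BSD/macOS layout is embedded; on the real server you would feed it the actual command output) and reports which of the expected ports have a listener, separately for TCP and UDP, since a TCP-only test such as telnet never shows a UDP listener.

```python
import subprocess

# Constructed sample in the layout of BSD/macOS `netstat -an` (not from the thread).
# TCP listeners carry the state LISTEN; UDP sockets have no state column at all.
SAMPLE_NETSTAT = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.4465                 *.*                    LISTEN
tcp4       0      0  *.548                  *.*                    LISTEN
tcp4       0      0  192.168.0.2.548        192.168.0.7.49212      ESTABLISHED
tcp4       0      0  *.22                   *.*                    LISTEN
udp4       0      0  *.9090                 *.*
udp4       0      0  *.5353                 *.*
"""


def parse_listeners(netstat_output):
    """Return {"tcp": set(ports), "udp": set(ports)} of sockets ready to receive.

    BSD netstat writes the local endpoint as address.port ("*.4465"), so the
    port is whatever follows the last dot. Only TCP sockets in LISTEN count;
    any bound UDP socket counts, because UDP has no connection state.
    """
    listeners = {"tcp": set(), "udp": set()}
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue
        proto = fields[0][:3]
        port_text = fields[3].rsplit(".", 1)[-1]
        if not port_text.isdigit():
            continue  # "*.*" or a named service: nothing to record
        if proto == "tcp" and (len(fields) < 6 or fields[5] != "LISTEN"):
            continue  # an established/closing TCP connection, not a listener
        listeners[proto].add(int(port_text))
    return listeners


def check_expected(netstat_output, expected):
    """expected: [("tcp", 4465), ("udp", 9090)]; returns {(proto, port): bool}."""
    listeners = parse_listeners(netstat_output)
    return {(proto, port): port in listeners[proto] for proto, port in expected}


def live_netstat():
    """Run the real command on this machine (BSD/macOS output layout assumed)."""
    return subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout


if __name__ == "__main__":
    # The thread's two ports, checked for both protocols against the sample.
    wanted = [("tcp", 4465), ("udp", 4465), ("tcp", 9090), ("udp", 9090)]
    for (proto, port), ok in check_expected(SAMPLE_NETSTAT, wanted).items():
        print(f"{proto}/{port}: {'listening' if ok else 'NOT listening'}")
```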
nextwave
08-12-2005, 10:34 AM
Hi-
As to setting up OS X Server and configuring it "properly"- I think it's working.
If StudioMetry isn't listening for data on port 9090- then I guess that's why the port doesn't appear open.
I've done forwarding and DMZ. I'm going to shut off DMZ and see if port 4465 is still open.
I'm not using a firewall- except the router- and this is all for internal use-
I'm typically not this stupid when it comes to Macs.
Thank you for your patience.
LeberMac
04-04-2006, 04:54 PM
(Apologies in advance for the thread necromancy)
I had this same problem and it appears that I've solved it at least temporarily with Studiometry.
Head on over to the OS X Server Admin, login and check that your firewall is on. On the firewall page, click on Settings and then on Advanced. You're going to make 4 new settings.
First make sure you know what your Server's IP address is (Probably something like 192.168.0.3 or whatnot), and make sure you know how to specify IP addresses in your local LAN (Probably something like 192.168.0/24, which will allow addresses from 192.168.0.1 to 192.168.0.255)
OK so then make four new rules:
One for TCP that allows <server IP address> sender to <local users> receiver on port 4465 going OUT.
One for TCP that allows <local users> sender to <server IP address> receiver on port 4465 coming IN.
One for UDP that allows <server IP address> sender to <local users> receiver on port 9090 going OUT.
One for UDP that allows <local users> sender to <server IP address> receiver on port 9090 coming IN.
You can check your settings by launching Terminal and typing in "sudo ipfw list", and then entering your admin password when prompted.
You can narrow down access further to a smaller list of IP addresses if you like. If you have specific remote users who have "hard" IP addresses you can add special settings for them, I suppose. Any of you really smart server guys feel free to recommend better settings. :)
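As an added example (not code from the thread), a Python script that writes out the four rules from the post above in the form `sudo ipfw list` prints them, scoped to the LAN range and the server address rather than to "any", and compares them against a dump of that command to report which rules are still missing. The server IP 192.168.0.2 and the short LAN notation 192.168.0/24 are the post's values, used here as assumptions; the `ipfw list` dump is constructed.

```python
import ipaddress


def lan_network(text):
    """Accept a full CIDR (192.168.0.0/24) or the short form the post uses
    (192.168.0/24) and return an ipaddress network object."""
    addr, _, prefix = text.partition("/")
    octets = addr.split(".")
    while len(octets) < 4:          # 192.168.0 -> 192.168.0.0
        octets.append("0")
    return ipaddress.ip_network(f"{'.'.join(octets)}/{prefix or 32}", strict=False)


def expected_rules(server_ip, lan, ports=(("tcp", 4465), ("udp", 9090)), base=2000):
    """The four allow rules from the post, as `ipfw list` shows them: per
    protocol/port one LAN -> server rule inbound and one server -> LAN rule
    outbound. Rule numbers start at `base` (an assumption, any free range works)."""
    server = ipaddress.ip_address(server_ip)
    net = lan_network(lan)
    if server not in net:
        raise ValueError(f"server {server} is not inside LAN range {net}")
    rules, number = [], base
    for proto, port in ports:
        if not 1 <= port <= 65535:
            raise ValueError(f"bad port {port}")
        rules.append(f"{number:05d} allow {proto} from {net} to {server} dst-port {port} in")
        rules.append(f"{number + 10:05d} allow {proto} from {server} src-port {port} to {net} out")
        number += 100
    return rules


def missing_rules(ipfw_list_output, rules):
    """Return the expected rules absent from a `sudo ipfw list` dump
    (rule numbers are ignored; only the rule body has to match)."""
    present = {" ".join(line.split()[1:]) for line in ipfw_list_output.splitlines() if line.strip()}
    return [r for r in rules if " ".join(r.split()[1:]) not in present]


# Constructed `ipfw list` dump (not from the thread): the TCP pair for 4465 exists,
# the UDP pair for 9090 was never added.
SAMPLE_IPFW_LIST = """\
02000 allow tcp from 192.168.0.0/24 to 192.168.0.2 dst-port 4465 in
02010 allow tcp from 192.168.0.2 src-port 4465 to 192.168.0.0/24 out
65535 allow ip from any to any
"""

if __name__ == "__main__":
    for rule in missing_rules(SAMPLE_IPFW_LIST, expected_rules("192.168.0.2", "192.168.0/24")):
        print("missing: sudo ipfw add", rule)
```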